Policy written & approved by Directors May 2018
YorSpace confidentiality and data protection policy
YorSpace works to maintain standards of confidentiality and data protection in relation to personal information and / or detailed information about YorSpace's work or activities.
There are two current Acts / regulations and three pending introduction that primarily regulate YorSpace and data protection.
- Data Protection Act (DPA) 1998
- Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003
- Data Protection Bill -- currently before parliament
- General Data Protection Regulation (GDPR) 2018
- ePrivacy regulations 2018
YorSpace's policy is to comply with the latest data protection regulations and law and best practice. In addition it requires potential employees, volunteers and third party suppliers to cooperate with YorSpace in order to comply.
This policy applies to all volunteer, potential staff, contractors and those working for YorSpace, whether permanent or temporary. It must be read and agreed to before access to any information is provided.
Volunteers, including Directors who have access to Personal Identifying Information or detailed information about YorSpace's work or activities must also read and agree to this policy. This includes the Confidentiality statement form
Volunteers who do not have access to Personal Identifying Information or detailed information about YorSpace's activities must sign and agree to the confidentiality statement, in the likelihood they may come into contact with personal identifying information.
This policy applies to information about identifiable individuals. This applies even where information is technically outside the scope of the Acts or regulations, by not meeting the strict definition of 'data' in the Act or regulation.
- comply with both the law and good practice
- respect individuals' rights
- be open and honest with individuals whose data is held
YorSpace recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:
- keeping information securely in the right hands, and
- keeping good quality information.
The Act also aims to make sure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account.
- be open and transparent
- seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.
The responsibility for observing these standards applies to every Director, volunteer and potential member of staff and any third party allowed access to personal information.
Third parties must comply with the requirements of the Data Protection Act and or GDPR in their handling of such information.
Breaches of this policy by Directors, volunteers and potential members of staff and volunteers may be considered a serious disciplinary matter.
Individuals may also be held criminally liable for knowingly or recklessly disclosing personal data outside of these policies and procedures.
Breaches on the part of third parties will be considered breach of contract.
Personal data means data which relate to a living individual who can be identified -
- from those data, or
- from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Sensitive personal data means personal data consisting of information as to:
- the racial or ethnic origin of the data subject,
- their political opinions,
- their religious beliefs or other beliefs of a similar nature,
- whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
- their physical or mental health or condition,
- their sexual life,
- the commission or alleged commission by them of any offence, or
- any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
YorSpace Privacy Statement -- how we use your information
Our privacy statement
This privacy statement tells you what to expect when we collect personal information.
Who are we?
In this policy, whenever you see the words 'we', 'us' or 'our', it refers to YorSpace..
Your acceptance of this policy
By using our websites, social media pages, becoming a member or providing your information you consent to our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please do not become a member, use our sites, social media pages or services.
What is personal data?
'Personal data' means any information that identifies a living person. This can include name, address, phone number or email address.
It also covers our use of any personal information you provide to us. This may be by phone, text message (SMS), email, social media, letter and other correspondence, and in person. It can include IP addresses and other technical identifying information.
What is sensitive personal data?
'Sensitive personal data' means information about someone that may include their financial information, age, ethnicity or physical or mental health condition.
- People we collect information on
- Why we hold your data
- How we collect data
- Complying with the Data Protection Act
- Marketing communication preferences
- Social media
- Giving your data to other organisations
- Sensitive data
- Use of media and consent
- Your data on our website
- Website hosting
- People who contact us through social media
- Accessing information held about you
- Changing your communication preferences
- Asking for your data to be deleted
- The remit of this policy
- How to contact us
People we collect information on
We need to collect and use your personal data if you contact us for any reason, including if you are a:
- Member of YorSpace
- Member of our online community.
- Someone who contacts with us through social media platforms.
- Volunteer or prospective volunteer.
- Donor or someone fundraising for us.
- Supplier or prospective supplier to YorSpace.
- Journalist, member of the media or someone who publishes or broadcasts to the public.
- MP, other parliamentarian or representative including councillors and council officer.
- Person within the community build/Self build community who works with us. This can include architects, financial professionals, commissioners and officials of government and other similar departments.
- Person from an organisation that wishes to work with us or ask us for support or information (including, but not limited to, charities companies, government and other similar departments).
Why we hold your data
We hold your details to:
- Communicate with you as a supporter and service user.
- Respond to your enquiry or request for information.
- Provide you with the service or membership you have requested.
- Process sales or donations and verify financial transactions.
- Keep a record of any contact we have with you.
- Enable our Resident Selection process, see Allocation Policy for details
- Help you with any problems you may be experiencing with a form or our website. We may also do this if you enter your details onto one of our online forms, and you don't 'send' or 'submit' the form.
How we collect data
We may collect and store information about you whenever you interact with us. For example, when you make a donation, register for an event or submit an enquiry.
We may also receive information about you from third parties for a specific purpose. However, this will only happen if you have given them permission to share your information.
Complying with the Data Protection Act
Data Protection Act principles require YorSpace to process personal data fairly and lawfully. We will offer you choices about the way you are contacted. We will also be clear about how we will use your information. We will make sure that the reason for collecting information is lawful.
We only hold data about you that is enough for our purpose, nothing more.
We work to make sure the data we hold is accurate and up to date.
We only hold personal data as long as necessary. However, we may need to keep personal data from you even if you have requested no further contact. This is so that we can make sure we don't contact you about an activity.
We have systems in place to safeguard your personal data. Access to written and electronic personal data is restricted and has a level of security depending on the sensitivity of the data.
Marketing communication preferences
If you have given us permission to contact you about YorSpace news and information, our work or ways to support us, we will make sure that you can opt out of receiving marketing communications. At the first reasonable opportunity, you will be offered the chance to opt out of hearing from YorSpace. You will be able to say 'no' to contact by mail, telephone, text or email.
If at a later date you complete another form, giving different contact preferences, we will use those you have given most recently.
Every time we contact you in the future we will give you the chance to update your communication preferences.
We may use your details to contact you with updates and information relating to our events, meetings, fundraising and progress. This depends on your own privacy settings for social media and messaging sites such as Facebook, WhatsApp and Twitter. We will only do this if you have followed us on social media platforms. We may also use your details to promote other activities or events on social media platforms. To control these adverts you should amend your social media platform settings.
Giving your data to other organisations
Unlike some organisations, we will never swap or sell your data to another organisation for them to use for marketing purposes.
If you join YorSpace as a member and undergo the process required to become a resident we may record the following
- Monthly income, level of savings, age, members of household, any dependent, size of house desired
If you withdraw from the process of becoming a resident this information will be securely deleted. Upon becoming a resident this information may be passed to the resident Mutual Home Ownership Society, with your permission. YorSpace will only keep this information if required, eg by our financial investors or lending institution, to maintain the integrity of an on-going community.
Some of this is classified as "sensitive data" (and is subject to additional Data Protection regulations). We will ask for your explicit consent to record and process sensitive information.
We have legally-backed reasons for collecting sensitive data. It helps us to achieve one or more of our organisations' aims. For example, our lenders require proof of income. . None of this data will be used in a way that could harm you as an individual.
Use of media and consent
- Media consent applies to
- Video footage
- Still images taken from video
- Sound recordings
- Quotes and case studies submitted (spoken or written, including web form submissions)
- It applies whether or not YorSpace took the material, commissioned it or it was submitted by a third party.
- If you give consent to the use of media YorSpace may use it as follows
- on the YorSpace website or other websites
- on social media and video-hosting platforms (for example Twitter, Facebook, Instagram and YouTube)
- in YorSpace information materials, such as leaflets, presentations, posters or fundraising material
- for broadcast and radio interviews
- for written press articles
- Expiry of consent
- Material will only be used, printed or published for as long as consent has been given.
- Consent can be withdrawn at any time in which case every effort will be made to withdraw from use and they will not be used in the future.
- YorSpace will take all reasonable steps to make sure that content used for our web sites, publications and materials is not used by third parties without our permission. However, we cannot guarantee that third parties will always request our consent.
- At some of YorSpace events other photographers not employed or associated with YorSpace may take and distribute photographs etc. These may be journalists, other event attendees or casual passers-by. The use of these images etc are beyond YorSpace control.
Your data on our website
If you use any of the email facilities or forms on any of our sites, we will capture your email address, your name and, where relevant, your postal address. This means we can respond to your request, enquiry or membership application. We will ask if you want to opt in to being contacted in the future by mail, telephone, email or text.
We will use a third party payment provider (PayPal) to process payments. We will not ask you for credit card or other payment details or store any payment details on our systems.
We may use standard third-party web analytics services (such as Google Analytics) to collect anonymous information about your computer, including your IP address, operating system and browser type. This includes for example the number of users viewing pages on the site, but it does not identify you individually. This means we can monitor and report on the effectiveness of the site and help us improve it. If visitors want to post a comment on our sites, we require visitors to enter a name and email address.
We may temporarily retain any data that you provide on the website even if you do not complete an action. Such data may be used to contact you to enquire if you require any assistance with using the site but for no other purpose.
We use third-party services to host our websites. These sites are hosted at:
Accessing information held about you
YorSpace will assist you if you want to see the information we hold about you. A request should be made in writing, by email, to firstname.lastname@example.org. In most cases, we will reply to a request within a month. We may need to extend this period for particularly complex requests.
Incorrect data can be changed or destroyed.
If you have already requested and received this information, there will need to be a reasonable period of time before you can request the information again.
Changing your communication preferences
You can change your communication preferences at any time. You can choose whether we contact you by mail, telephone, email or text message. You can also choose whether or not you receive information on certain activities of YorSpace, such as events, campaigns and developments. Just contact us by email to email@example.com or visit yorspace.org.
Asking for your data to be deleted
You can ask YorSpace to stop using your personal data at any time and we will delete your information.. However if you are a member this will mean ending your membership of YorSpace Community Benefit Society.
The remit of this policy
This privacy notice does not cover information gathered on other websites outside our control.
How to contact us
Requests for information about our privacy statement can be emailed: firstname.lastname@example.org